NT4/private/ntos/npfs/seinfo.c
2020-09-30 17:12:29 +02:00

417 lines
9.1 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
SeInfo.c
Abstract:
This module implements the Security Info routines for NPFS called by the
dispatch driver. There are two entry points NpFsdQueryInformation
and NpFsdSetInformation.
Author:
Gary Kimura [GaryKi] 21-Aug-1990
Revision History:
--*/
#include "NpProcs.h"
//
// The debug trace level
//
#define Dbg (DEBUG_TRACE_SEINFO)
//
// local procedure prototypes
//
NTSTATUS
NpCommonQuerySecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
);
NTSTATUS
NpCommonSetSecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
);
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, NpCommonQuerySecurityInfo)
#pragma alloc_text(PAGE, NpCommonSetSecurityInfo)
#pragma alloc_text(PAGE, NpFsdQuerySecurityInfo)
#pragma alloc_text(PAGE, NpFsdSetSecurityInfo)
#endif
NTSTATUS
NpFsdQuerySecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This routine implements the FSD part of the Query Security Information API
calls.
Arguments:
NpfsDeviceObject - Supplies the device object to use.
Irp - Supplies the Irp being processed
Return Value:
NTSTATUS - The Fsd status for the Irp
--*/
{
NTSTATUS Status;
PAGED_CODE();
DebugTrace(+1, Dbg, "NpFsdQuerySecurityInfo\n", 0);
//
// Call the common Query Information routine.
//
FsRtlEnterFileSystem();
NpAcquireExclusiveVcb();
try {
Status = NpCommonQuerySecurityInfo( NpfsDeviceObject, Irp );
} except(NpExceptionFilter( GetExceptionCode() )) {
//
// We had some trouble trying to perform the requested
// operation, so we'll abort the I/O request with
// the error status that we get back from the
// execption code
//
Status = NpProcessException( NpfsDeviceObject, Irp, GetExceptionCode() );
}
NpReleaseVcb();
FsRtlExitFileSystem();
//
// And return to our caller
//
DebugTrace(-1, Dbg, "NpFsdQuerySecurityInfo -> %08lx\n", Status );
return Status;
}
NTSTATUS
NpFsdSetSecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This routine implements the FSD part of the Set Security Information API
calls.
Arguments:
NpfsDeviceObject - Supplies the device object to use.
Irp - Supplies the Irp being processed
Return Value:
NTSTATUS - The Fsd status for the Irp
--*/
{
NTSTATUS Status;
PAGED_CODE();
DebugTrace(+1, Dbg, "NpFsdSetSecurityInfo\n", 0);
//
// Call the common Set Information routine.
//
FsRtlEnterFileSystem();
NpAcquireExclusiveVcb();
try {
Status = NpCommonSetSecurityInfo( NpfsDeviceObject, Irp );
} except(NpExceptionFilter( GetExceptionCode() )) {
//
// We had some trouble trying to perform the requested
// operation, so we'll abort the I/O request with
// the error status that we get back from the
// execption code
//
Status = NpProcessException( NpfsDeviceObject, Irp, GetExceptionCode() );
}
NpReleaseVcb();
FsRtlExitFileSystem();
//
// And return to our caller
//
DebugTrace(-1, Dbg, "NpFsdSetSecurityInfo -> %08lx\n", Status );
return Status;
}
//
// Internal support routine
//
NTSTATUS
NpCommonQuerySecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This is the common routine for querying security information.
Arguments:
Irp - Supplies the Irp to process
Return Value:
NTSTATUS - the return status for the operation
--*/
{
PIO_STACK_LOCATION IrpSp;
NTSTATUS Status;
NODE_TYPE_CODE NodeTypeCode;
PFCB Fcb;
PCCB Ccb;
NAMED_PIPE_END NamedPipeEnd;
PAGED_CODE();
//
// Get the current stack location
//
IrpSp = IoGetCurrentIrpStackLocation( Irp );
DebugTrace(+1, Dbg, "NpCommonQuerySecurityInfo...\n", 0);
DebugTrace( 0, Dbg, " Irp = %08lx\n", Irp);
DebugTrace( 0, Dbg, " ->SecurityInformation = %08lx\n", IrpSp->Parameters.QuerySecurity.SecurityInformation);
DebugTrace( 0, Dbg, " ->Length = %08lx\n", IrpSp->Parameters.QuerySecurity.Length);
DebugTrace( 0, Dbg, " ->UserBuffer = %08lx\n", Irp->UserBuffer);
//
// Get the ccb and figure out who we are, and make sure we're not
// disconnected.
//
if ((NodeTypeCode = NpDecodeFileObject( IrpSp->FileObject,
&Fcb,
&Ccb,
&NamedPipeEnd )) == NTC_UNDEFINED) {
DebugTrace(0, Dbg, "Pipe is disconnected from us\n", 0);
NpCompleteRequest( Irp, STATUS_PIPE_DISCONNECTED );
Status = STATUS_PIPE_DISCONNECTED;
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
return Status;
}
//
// Now we only will allow write operations on the pipe and not a directory
// or the device
//
if (NodeTypeCode != NPFS_NTC_CCB) {
DebugTrace(0, Dbg, "FileObject is not for a named pipe\n", 0);
NpCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
Status = STATUS_INVALID_PARAMETER;
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
return Status;
}
//
// Call the security routine to do the actual query
//
try {
Status = SeQuerySecurityDescriptorInfo( &IrpSp->Parameters.QuerySecurity.SecurityInformation,
Irp->UserBuffer,
&IrpSp->Parameters.QuerySecurity.Length,
&Fcb->SecurityDescriptor );
if ( Status == STATUS_BUFFER_TOO_SMALL ) {
Irp->IoStatus.Information = IrpSp->Parameters.QuerySecurity.Length;
Status = STATUS_BUFFER_OVERFLOW;
}
} except(EXCEPTION_EXECUTE_HANDLER) {
ExRaiseStatus( STATUS_INVALID_USER_BUFFER );
}
NpCompleteRequest( Irp, Status );
DebugTrace(-1, Dbg, "NpCommonQuerySecurityInfo -> %08lx\n", Status );
return Status;
}
//
// Internal support routine
//
NTSTATUS
NpCommonSetSecurityInfo (
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
IN PIRP Irp
)
/*++
Routine Description:
This is the common routine for Setting security information.
Arguments:
Irp - Supplies the Irp to process
Return Value:
NTSTATUS - the return status for the operation
--*/
{
PIO_STACK_LOCATION IrpSp;
NTSTATUS Status;
NODE_TYPE_CODE NodeTypeCode;
PFCB Fcb;
PCCB Ccb;
NAMED_PIPE_END NamedPipeEnd;
PSECURITY_DESCRIPTOR OldSecurityDescriptor;
PAGED_CODE();
//
// Get the current stack location
//
IrpSp = IoGetCurrentIrpStackLocation( Irp );
DebugTrace(+1, Dbg, "NpCommonSetSecurityInfo...\n", 0);
DebugTrace( 0, Dbg, " Irp = %08lx\n", Irp);
DebugTrace( 0, Dbg, " ->SecurityInformation = %08lx\n", IrpSp->Parameters.SetSecurity.SecurityInformation);
DebugTrace( 0, Dbg, " ->SecurityDescriptor = %08lx\n", IrpSp->Parameters.SetSecurity.SecurityDescriptor);
//
// Get the ccb and figure out who we are, and make sure we're not
// disconnected.
//
if ((NodeTypeCode = NpDecodeFileObject( IrpSp->FileObject,
&Fcb,
&Ccb,
&NamedPipeEnd )) == NTC_UNDEFINED) {
DebugTrace(0, Dbg, "Pipe is disconnected from us\n", 0);
NpCompleteRequest( Irp, STATUS_PIPE_DISCONNECTED );
Status = STATUS_PIPE_DISCONNECTED;
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
return Status;
}
//
// Now we only will allow write operations on the pipe and not a directory
// or the device
//
if (NodeTypeCode != NPFS_NTC_CCB) {
DebugTrace(0, Dbg, "FileObject is not for a named pipe\n", 0);
NpCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
Status = STATUS_INVALID_PARAMETER;
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
return Status;
}
//
// Call the security routine to do the actual set
//
OldSecurityDescriptor = Fcb->SecurityDescriptor;
Status = SeSetSecurityDescriptorInfo( NULL,
&IrpSp->Parameters.SetSecurity.SecurityInformation,
IrpSp->Parameters.SetSecurity.SecurityDescriptor,
&Fcb->SecurityDescriptor,
PagedPool,
IoGetFileObjectGenericMapping() );
if (NT_SUCCESS(Status)) {
ExFreePool( OldSecurityDescriptor );
}
NpCompleteRequest( Irp, Status );
DebugTrace(-1, Dbg, "NpCommonSetSecurityInfo -> %08lx\n", Status );
return Status;
}